Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 1

An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of
"MM_NO_STATE." Why does this failure occur?

Answer options

• A. The ISAKMP policy priority values are invalid.
• B. ESP traffic is being dropped.
• C. The Phase 1 policy does not match on both devices.
• D. Tunnel protection is not applied to the DMVPN tunnel.

Correct answer: C

Explanation

The correct answer is C because 'MM_NO_STATE' indicates that the ISAKMP negotiation has failed due to mismatched Phase 1 parameters between the two devices. Option A is incorrect as it does not directly relate to the state issue, B is not relevant since ESP traffic is not the cause of this specific error, and D is also incorrect because tunnel protection is not a factor in the initial ISAKMP negotiation phase.